We will be happy to help!
This Policy applies to any personal data processing (use) by company Odeja d.o.o. (controller) or performed on behalf of the controller.
Odeja d.o.o. safeguards your personal data by acting in accordance with the regulation and legislation (basis: Personal Data Protection Act – ZVOP-1, OG RS, no. 94/07, and General Data Protection Regulation – GDPR, effective date 25 May 2018).
The controller of personal data, as defined by the EU General Data Protection Regulation (GDPR) and applicable legislation governing personal data protection, is:
Which personal data we process
- basic contact information (name, phone no, e-mail address)
- data on our website usage (clicks on links, time on site) and data regarding responses to our e-mail messages (whether the message was opened, which links you clicked)
- information needed for the performance of contract and delivery of purchased goods (products purchased, price, delivery address, time of delivery, payment method, payment date, information on warranty claims, information on issued invoice, etc., password in encrypted form and other data entered by the user upon online store registration or generated during communication between the client and the provider)
Purposes of personal data processing
We can use your personal data for one or several listed purposes:
- communication with you regarding provision of our services and for responding to your enquiries
- conclusion of contract and fulfilment of obligations arising from a concluded contract
- marketing communication (sending e-mails)
- enforcement of any legal claims and dispute resolution
- statistical analyses on our sales of goods and usage of our websites
Personal data storage period
We store basic personal data for an unlimited period as long as you have a status of registered user on our website or until you withdraw your consent.
Freely given data
Personal data is given freely. You are not obligated to give out your personal data; however, if you do not provide your personal data, we cannot conclude a contract (since we need them for order delivery).
Who has access to your personal data
We do not share or give access to your personal data to any third parties (outside company Odeja d.o.o.), except those contractual partners that perform certain services for us regarding data processing, and which are obligated to act in accordance with the legislation governing personal data processing and protection (i.e. contractual processors). Contractual processors that receive personal data from us:
- marketing services providers
- providers for e-mail sending services
- providers of software solutions
- delivery companies
Contractual processors can process personal data exclusively in accordance with our instructions and cannot process personal data for their own purposes. They are obligated, together with their employees, to protect the confidentiality of your personal data. All submitted information is therefore protected against any third party access, allowing users to conduct their business with Odeja d.o.o. without worries or interruptions.
The provider respect the privacy and is obligated to act with due diligence and in accordance with applicable regulation on personal data protection when collecting, storing, and processing personal data. The provider is not liable for the accuracy of data listed by the user upon registration in the online store.
The user also bears responsibility for protection their personal data, specifically by ensuring the security of their username and password and with appropriate software (antivirus) protection of their computer.
For security purposes, we also collect data IP addresses of users accessing and using Odeja online store at www.odeja.si.
- every user on Odeja d.o.o. website, on first and every subsequent visit
- every person that submits their personal data in any form to the company
Personal data submitted during an order/subscription to e-news is processed with your clear and unambiguous consent, based on Article 6 (1) (a) of the EU General Data Protection Regulation (GDPR). For the purpose of improving the quality of our products and services, as well as for statistical purposes related to e-mail messages sent, we also process data on received messages opened and clicks on links in received messages.
You give your consent to personal data processing by entering your e-mail address on Odeja.si website on the online order form or in the “Stay in touch” link. You can withdraw your consent at any time by clicking “You can always unsubscribe or change your personal information”, located in the footer of every message received from Odeja.si, or by sending an e-mail to email@example.com. In the event of withdrawal of consent, we will no longer use your personal data for notifications on Odeja.si content. A withdrawal of consent has no effect on the legality of consent-based data processing before the withdrawal.
Your rights related to personal data
You have the following right regarding your data:
- Confirmation whether or not we are processing your data.
- Access to personal data and the following information: purposes of processing; categories of personal data; recipients or categories of recipient to whom the personal data has been or will be disclosed, in particular recipients in third countries or international organisations; envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; the existence of automated decision-making, including profiling, and reasons as well as the significance and the envisaged consequences of such processing for you.
- A copy of personal data in the format specified by you (if the request is submitted by electronic means of communication and you do not specify otherwise, the copy is provided in electronic form); for additional copies requested, we can charge a fee for our costs.
- Correction of incorrect personal data.
- Limitation of processing in the following cases:
- You dispute the accuracy of personal data, specifically for the period that allows us to check the accuracy of personal data.
- Processing is illegal and you oppose the deletion of personal data, and instead request limitation of their use.
- We no longer need personal data for the purposes of processing, but you need them to enforce, initiate or defend legal claims.
- Erasure of all personal data (right to be forgotten), if all assumptions of Article 17 of the General Data Protection Regulation are met, and above all in the event of withdrawn consent for personal data processing.
- Transcript of personal data in a structured, generally used and machine-readable form, with the right to submit this data to another controller without any interference on our part.
- Cessation of use of personal data for the purposes of direct marketing, including profiling.
- A decision based purely on automated processing, including profiling, does not apply to you, if the assumptions of Article 22 of the General Data Protection Regulation are met.
- The right to file a complaint against us with the information commissioner, if you believe that processing of your personal data violates the General Data Protection Regulation.
Procedure for exercising your rights
At any time, you can send a request regarding your rights related to personal data to firstname.lastname@example.org.
For the purposes of reliable identification in the event of exercising of rights related to personal data, we can request additional data; we can only refuse to act if we can prove that we cannot reliably identify you.
We are obligated to respond to any request regarding your rights on personal data without undue delay and no later than in one month of receiving your request.
Updated: 25 May 2018